I have my own personal computer running Windows 7 and another computer running Ubuntu Server 12.04. Currently, if I have something running on Windows 7 (like, say, Tomcat), I can access it on the Ubuntu box using the router IP (something like 192.168.0.x) and vice versa. How would I go about making it so that the Windows 7 box could access the Ubuntu box but the Ubuntu box could not access the Windows 7 box? Basically, I want to allow the Ubuntu box access to the internet but not access to the other computers behind the router.

I tried to set up a firewall rule on the Win7 box (using Windows Firewall) that had a scope of the local IP address of my Ubuntu box (192.168.0.6) and selected Block Connection, but that didn't seem to make a difference.

Are the systems connected to a switch or directly to the router? If connected directly to the router what is the make/model?
– p0rkjello Aug 20 '12 at 18:40

@p0rkjello They are connected to the built in router in my Motorola SBG900 wireless cable modem. My Win7 box is connected via ethernet and the Ubuntu box is on wireless.
– AHungerArtist Aug 20 '12 at 22:28

The server will be placed in the DMZ. Depending on the firewall and port-forwarding configuration, it is possible to connect to hosts inside the DMZ from the Internet. Hosts in the DMZ cannot connect to hosts in the internal network. Hosts inside the internal network can access hosts inside the DMZ and on the Internet.

If an attacker compromised the server inside the DMZ, the attacker could not directly connect to hosts in the internal network. Of course this depends on the configuration. And the attacker can still try to compromise hosts in the internal network when these establish connections to services on the compromised DMZ server.

Some routers provide a DMZ functionality which can be enabled in the configuration interface.

If you only want to restrict Ubuntu from accessing other things, then you may want to look into iptables: a rule where the packet is on eth..., outbound to 192.x.x.0, and the state is NEW, with -j DROP.

That isn't the exact syntax, but it should give you the general idea. The firewall drops all new packets going out of Ubuntu to the local network. You have to specify your router with -j ALLOW just before this rule so you can always send new traffic to the internet. Since it is blocking only outbound new connections, your Win box should have no issues starting sessions with it.

If you are worried about just the Win system, put a personal firewall on it and block what needs to be blocked. If you have a decent cable modem, it may let you specify different IPs between the wireless and wired so that they can't route to each other.
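Spelled out as an actual rule set, as an added example that is not part of the answer above: the Ubuntu box may open new connections to the router (and so to the Internet) but not to anything else on the LAN, while connections the Windows box opens towards Ubuntu keep working because the replies are ESTABLISHED, not NEW. The iptables target that lets traffic through is spelled ACCEPT. The addresses and interface name (192.168.0.0/24, 192.168.0.1, wlan0) are assumptions for the example and can be overridden in the environment; the script only prints the rules unless run with --apply.

```shell
#!/bin/sh
# Added example (not from the original answer): egress rules for the Ubuntu
# box. Assumed, hypothetical values; override them in the environment.
LAN_NET="${LAN_NET:-192.168.0.0/24}"     # the home network behind the router
ROUTER_IP="${ROUTER_IP:-192.168.0.1}"    # the cable modem's LAN address
IFACE="${IFACE:-wlan0}"                  # the Ubuntu box's wireless interface

# Print the rules, one iptables command per line, without applying them.
# Order matters: iptables uses the first matching rule, so the ACCEPT for the
# router must come before the DROP for the rest of the LAN, and the
# ESTABLISHED,RELATED rule first of all so replies to the Windows box's
# connections are never treated as NEW.
build_rules() {
    cat <<EOF
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o $IFACE -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $IFACE -d $ROUTER_IP -m conntrack --ctstate NEW -j ACCEPT
iptables -A OUTPUT -o $IFACE -d $LAN_NET -m conntrack --ctstate NEW -j DROP
EOF
}

# Return 0 only if the router ACCEPT rule precedes the LAN DROP rule.
check_order() {
    rules=$(build_rules)
    accept=$(printf '%s\n' "$rules" | grep -n -- "-d $ROUTER_IP " | cut -d: -f1)
    drop=$(printf '%s\n' "$rules" | grep -n -- "-j DROP" | cut -d: -f1)
    [ -n "$accept" ] && [ -n "$drop" ] && [ "$accept" -lt "$drop" ]
}

# Apply the rules (needs root) and show the resulting OUTPUT chain.
# -A appends, so run this once, or clear the chain with `iptables -F OUTPUT`
# first if you re-run it; otherwise the rules are duplicated.
apply_rules() {
    check_order || { echo "rule order is wrong, refusing to apply" >&2; return 1; }
    build_rules | sh
    iptables -L OUTPUT -n -v --line-numbers
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules
fi
```

Anything not matched by these rules, such as a new connection to an Internet address, falls through to the OUTPUT chain's default policy, which is ACCEPT unless you have changed it. Rules added this way do not survive a reboot; on Ubuntu 12.04 the iptables-persistent package or an if-up script is the usual way to restore them. As the questioner notes in the comments, this only helps while the Ubuntu box itself is trusted: root on that box can remove the rules.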

Well, my concern (paranoia) is that if they get onto the Ubuntu box it doesn't matter what the iptables is set up as as they can simply override it. Likewise, if they're on the Ubuntu box, they can access the router, so it couldn't be there either. So, it'd almost certainly have to be a block on the Windows side. Perhaps I'll ask a more directed question on that. Thanks for your input.
– AHungerArtist Aug 21 '12 at 19:21

If a system gets hacked, it gets hacked; it doesn't matter what the OS is. I would be more worried about the Windows machine being the source of the trouble. With Linux, kill all the unneeded services, make real passwords and/or use certificate-type authentication, follow standard security practices, and update your software. That will be far safer than any Windows machine, in my opinion. Also, you are only as secure as your weakest link, be it a default password on a publicly accessible router or a well-known hack for Windows.
– Kendrick Aug 24 '12 at 2:55

Also, I keep a repository of all my configurations and what software I install on my systems. If someone changes config files etc., I will quickly know what was hacked and when. I also have a repository so that I can nuke and reload the OS with minimal downtime. I store my repository on a flash drive that I only plug in when I do updates to config files, and only long enough to commit the changes. I do the same with Windows. All important data and special configs are always separated and backed up for recovery. I usually wipe Windows about once a year for stability and security reasons.
– Kendrick Aug 24 '12 at 3:00